
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.tispto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


09/997,707 


i i/30/200i 


Tushar Mangroia 


6i56-A 


4306 



7590 



11/13/2003 



Richard L. Myers 
MYERS, DAWES & ANDRAS LLP 
19900 MacArthur Blvd., Suite 1 150 
Irvine, CA 92612 



EXAMINER 



SANTOS, PATRICK J D 



ART UNIT 



PAPER NUMBER 



2171 

DATE MAILED: 1 1/13/2003 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 



Application No. 

09/997,707 



Examiner 

Patrick J Santos 



Applicant(s) 

MANGROLA, TUSHAR 



1fr 



Art Unit 

2171 



-- The MAILING DATE of this communication appears on th cov r sheet with th correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 mONTK(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )[3 Responsive to communication(s) filed on 30 November 2001 . 
2a)D This action is FINAL. 2b)l3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) S Claim(s) 1-13 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 1-13 is/are rejected. 

7) [3 Claim(s) 1-13 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) I3 The specification is objected to by the Examiner. 

1 0)M The drawing(s) filed on 30 November 2001 is/are: a)|2 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
1 1 )□ The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 

Attachment(s) 



1 ) [>3 Notice of References Cited (PTO-892) 

2) CD Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 



4) Q Interview Summary (PTO-41 3) Paper No(s). 

5) O Notice of Informal Patent Application (PTO-1 52) 

6) D Other: 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 04-01) 



Office Action Summary 



Part of Paper No. 4 



Application/Control Number: 09/997,707 
Art Unit: 2171 



Page 2 



DETAILED ACTION 

Specification 

1 . The abstract and the disclosure is objected to due to improper use of trademarks. The use 
of the following trademarks: SUN MICROSYSTEMS (TM) (p. 1, In. 18), and ENTERPRISE 
JAVA BEANS (TM) (Abstract, In. 9), has been noted in this application. A trademark should be 
capitalized wherever it appears and be accompanied by the generic terminology. Although the 
use of trademarks is permissible in patent applications, the proprietary nature of the marks 
should be respected and every effort made to prevent their use in any manner which might 
adversely affect their validity as trademarks. Appropriate correction is required. 

2. The disclosure is further objected to because of the following informality: the word 
"architecture" is misspelled (p. 3, In. 3). Appropriate correction is required. 

Claim Objections 

3. Claims 5-9, and 13 are objected to due to improper use of trademarks. The use of the 
following trademarks: ENTERPRISE JAVA BEANS (TM) (elm. 5, In. 1; elm. 13, In. 6), has 
been noted in this application. A trademark should be capitalized wherever it appears and be 
accompanied by the generic terminology. Although the use of trademarks is permissible in 
patent applications, the proprietary nature of the marks should be respected and every effort 
made to prevent their use in any manner which might adversely affect their validity as 
trademarks. 
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4. Claims 1-4 are objected to for the following minor informality: the phrase, "different 
that the first user" should read, "different from the first user." 

5. Claims 3-4, and 10-11 are objected to for the following minor informality: a comma is 
missing between phrases. 

Regarding Claims 3-4, a comma is missing between the phrase, "user identity," and the 
phrase, "and user role" (elm. 3, In. 3 and elm. 4, In. 9). Appropriate correction is required. 

Regarding Claim 10-11, a comma is missing between the phrase, "user role," and the 
phrase, and user company" (elm. 10, p. 16, Ins. 1-2). 

6. Claims 12 and 13 are objected to for the following minor informality: there is a spurious 
instance of the word "and" (elm. 12, In. 24). 

7. Claim 13 is objected to for the following minor informality: the word "proving" (elm. 
13, In. 6) should read "providing." 

Claim Rejections - 35 USC § 112 

8. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 
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9. Claims 1-4 and 12-13 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Regarding Claims 1-4, the claims state the limitation, "responding to the information 
relating to user role to choose the first application." Since, there are two user roles specified, a 
first and a second, this language is indefinite. 

Regarding Claims 12-13, the claims state "the second being dependent" (elm. 12, In. 29) 
without specifying what "the second is", thus rendering the claims indefinite. As this appears to 
be a typographic error in which the word "data" was accidentally removed, this issue may be 
addressed by amending the claim to state "the second data being dependent." 

10. Claims 1-4 are further rejected under 35 U.S.C. 1 12, second paragraph, as being 
incomplete for omitting essential steps, such omission amounting to a gap between the steps. 
See MPEP § 2172.01. The Claims are incomplete in that they do not establish as to how the 
second data was chosen (elm. 1, In. 22 as compared to elm. 1, Ins. 15-16). 

Claim Rejections - 35 USC § 103 

1 1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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12. Claims 1, 2, and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent No. 6,067,559 issued to Allard et al. (hereafter Allard '559) in view of the publication, 
"Role Based Access Control for the World Wide Web" by Barkley et al. (hereafter Barkley '97), 
and in further view of applicant's admitted prior art in the pending application 09/997707 
(hereafter AAPA). 
Claims 1-2: 

Allard '559 teaches a method for creating multiple user application programs [Allard 
'559: col. 11, Ins. 1 1-20] using a single application server [Allard '559: col. 6, Ins. 1 8-22], 
including the steps of: 

b) Providing the application server with a first application and a second application 

[Allard '559: col. 5, Ins. 58-64; col. 6, Ins. 2-5]; 
d) Responding to information to choose the first application [Allard '559: col. 5, In. 

68 to col. 6, In. 2]; 

f) Creating a first user application program from the first application and the first 
data [Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 1, Ins. 20-24; 
col. 2, Ins. 28-32]; and 

g) Creating a second user application program from the second application and the 
second data [Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 6, Ins. 
6-18; col. 1, Ins. 20-24; col. 2, Ins. 28-32]. 

Allard '559 also teaches storing the first user application program and the second user 
application program in the memory of the single application server [Allard '559, col. 6, Ins. 18- 
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23; col. 6, Ins. 2-5]. Allard '559 does not teach use of a single database server, the storing of 
user identification data, and providing the application server with role information. 

Barkley '97 teaches a Role Based Access Control (RBAC) system including the 
following: 

a) Storing user identification data including information relating to company user 
and user role [Barkley '97: p. 7, Fig. 3; p. 6, Table 1]; (placed prior to step b) 
above) 

b) Modified as stated above to use information based on role to choose the first 
application and second application [Barkley '97: p. 5, Ins: 1-2; p. 5, Ins: 19-23]; 

d) Modified as stated above to use information based on role to choose the first 
application [Barkley '97: p. 5, Ins: 1-2; p. 5, Ins: 19-23] 

Barkley '97 does not teach the use of a single database server. 

AAPA admits the use of a single database server for multiple companies as prior art as 
follows: 

c) Providing the single database server with first data relating to a first company and 
a first user, and second data relating to a second company and a second user 
[AAPA: p. 3, Ins. 1-5]; (placed between steps b) and d) above) 

e) Responding to the information relating to company and user (identity) to choose 
the first data [AAPA: p. 3, Ins. 1-5]; (placed between step d) and step f) above) 

It would have been obvious for a person having ordinary skill in the art to apply the 
RBAC system of Barkley '97 to the application server of Allard '559. Note that integrating the 
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RBAC system of Barkley '97 to an application server requires no significant modification to the 
application server [Barkley '97: p. 5, Ins. 1-18]. 

The ordinarily skilled artisan would have been motivated to apply the RBAC system of 
Barkley '97 to the application server of Allard '559 in order to obtain the well known benefits of 
role based access control (as opposed to control via access control lists) [Barkley '97: p. 5, Ins. 
21-37]. 

Furthermore, it would have been obvious for a person having ordinary skill in the art to 
use a single database server as admitted in AAPA for the data of multiple companies as applied 
to the combination of Allard '559 and Barkley '97 above. 

The ordinarily skilled artisan would have been motivated to use a single database server 
as admitted in AAPA for the data of multiple companies as applied to the combination of Allard 
'559 and Barkley '97 above in order to reduce hardware costs. [AAPA: p. 2, Ins. 25-29]. 

Regarding Claim 2, note that the application server as taught by Allard '559 in the Allard 
'559, Barkley '97, AAPA combination described above also stores the first user application 
program and the second user application program in the memory of the single application server 
[Allard '559: col. 6, Ins 18-23; col. 6, Ins. 2-5]. 
Claim 12: 

Allard '559 teaches a method for creating a first application program for a first user 
[Allard '559: col. 5, In. 68 to col. 6, In. 2; col. 7, Ins. 62-68], and a second application program 
for a second user [Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 6, Ins. 6-18], 
comprising the steps of: 
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a) Providing a single application server with multiple master programs [Allard '559: 
col. 5, Ins. 58-64]; 

b) Selecting a first one of the master programs [Allard '559: col. 5, In. 64 to col. 6, 
In. 5]; 

c) Selecting first data from the database [Allard '559: col. 1, Ins. 20-24; col. 2, Ins. 
28-32]; 

d) Creating the first application program from the first master program and the first 
data [Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68]; 

e) Selecting second data from the database [Allard '559: col. 1, Ins. 20-24; col. 2, 
Ins. 28-32]; and 

f) Creating the second application program from the second master program and the 
second data [Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 6, Ins. 
6-18]. 

Allard '559 does not teach the use of a database server with data associated with multiple 
companies or the use of roles. 

Barkley '97 teaches an RBAC system including the following: 

- Step b) above modified such that the selection of a first program is based on first user 
role [Barkley '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23]; 

- Step c) above modified such that the first data being dependent on the first user 
identity and first user company [Barkley '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23]; 
Step e) above modified such that the second data is dependent on the second user 
identity and second user company [Barkley '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23]. 
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AAPA admits providing a database server with data associated with multiple companies 
[AAPA: p. 3, Ins. 1-5]. 

It would have been obvious for a person having ordinary skill in the art to apply the 
RBAC system of Barkley '97 to the application server of Allard '559. 

The ordinarily skilled artisan would have been motivated to apply the RBAC system of 
Barkley '97 to the application server of Allard '559 on the same basis as Claim 1 above. 

Furthermore, it would have been obvious for a person having ordinary skill in the art to 
use a single database server as admitted in AAPA. 

The ordinarily skilled artisan would have been motivated to use a single database server 
as admitted in AAPA for the data of multiple companies as applied to the combination of Allard 
'559 and Barkley '97 above on the same basis as Claim 1 above. 

13. Claims 3 and 4 are rejected under 35 U.S.C. 103(a) as being unpatentable over Allard 
'559, Barkley '97, and AAPA, in further view of the publication, "Solaris 2.6, Administrator 
Certification Training Guide" by Bill Calkins (hereafter Calkins '99). 
Claims 3-4: 

Allard '559, Barkley '97, and AAPA teach all the limitations of Claim 1 as described 
above. Allard '559, Barkley '97, and AAPA in combination do not teach creating a directory 
responsive to user log-on data to provide the company, user identity, and user role data; or 
programming a directory with subjective data relating to the company, user identity, and user 
role for each authorized user of the application server. 
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However, Calkins '99 teaches creating a directory responsive to user log-on data to 
provide the company, user identity, and user role data [Calkins '99 pp. 78-79 in particular the 
last two lines on p. 79]; and programming a directory with subjective data relating to the 
company, user identity, and user role for each authorized user of the application server [Calkins 
'99 pp. 78-79 in particular the last two lines on p. 79]. 

Regarding Claim 3, it would have been obvious to apply the creating a directory 
responsive to user log-on data to provide the company, user identity, and user role data of 
Calkins '99 with Allard '559, Barkley '97, and AAPA combination as described above. 

The ordinarily skill artisan would have been motivated to apply the creating a directory 
responsive to user log-on data to provide the company, user identity, and user role data of 
Calkins '99 with the Allard '559, Barkley '97, and AAPA combination as described above in 
order to tie role based access control with to user identity in conjunction with a facility already in 
place [Barkley '97: p. 5, Ins. 31-35]. 

Regarding Claim 4, note that the access control to directories as taught by Calkins '99 in 
the Allard '559, Barkley '97, AAPA Calkins '99 combination as described above also covers 
programming a directory with subjective data relating to the company, user identity, and user 
role for each authorized user of the application server [Calkins '99 pp. 78-79 in particular the last 
two lines on p. 79]. 

14. Claims 5 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Allard 
'559, Barkley '97, and AAPA in further view of the publication "The ENTERPRISE 
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JAVABEANS (TM) Specification, vl .1" by Vlada Matena, and Mark Hapner (hereafter Sun 

'99). 
Claim 5: 

Allard '559 teaches a method for programming [Allard '559: col. 11, Ins. 1 1-20], based 
on information relating to identity of a user [Allard '559: col. 5, In. 58 to col. 6, In. 5] 
comprising the steps of: 

Providing a plurality of applications relating to different functions of the company 

[Allard '559: col. 2, Ins. 25-43]; 

Selecting a particular one of the applications [Allard '559: col. 4, Ins. 42-44]; 

- Programming the selected application component to access a particular portion of the 
database associated with the identity of the user [Allard '559: col. 2, Ins. 25-43]. 

Allard '559 does not explicitly teach, 

- The use of user roles, or user attributes such as user company, to select application or 
data. 

- Providing the database including data relating to different companies; 
Providing an application server configured to use an ENTERPRISE JAVABEAN 
(TM) protocol, or of applications implemented with ENTERPRISE JAVABEANS 
(TM). 

Barkley '97 teaches an RBAC system including: 

- Modifying a method for programming such that the applications are based on 
information relating to identity of a user, company of the user, and role of the user 
with the company; 
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- Selecting a particular application associated with user role; 

- Selecting a particular portion of the database associated with the company of the user, 
and the identity of the user. 

Barkley '97 does not explicitly teach 

- Providing the database including data relating to different companies; 
Providing an application server configured to use an ENTERPRISE JAVABEAN 
(TM) protocol, or of applications implemented with ENTERPRISE JAVABEANS 
(TM). 

AAPA teaches providing the database including data relating to different companies 
[AAPA: p. 3, Ins. 1-5]. However, AAPA does not explicitly teach the use of ENTERPRISE 
JAVABEANS (TM). 

Sun '99 teaches the providing an application server configured to use an ENTERPRISE 
JAVABEAN (TM) protocol [Sun '99: p. 15, Ins. 4-5], and applications implemented with 
ENTERPRISE JAVABEANS (TM) [Sun '99: p. 15, Ins. 1-4]. 

It would have been obvious for a person having ordinary skill in the art to combine the 
RBAC system of Barkley '97 with the application server of Allard '559. 

The ordinarily skilled artisan would have been motivated to combine the RBAC system 
of Barkley '97 with the application server of Allard '559 on the same basis as Claim 1 above. 

It would have been obvious for a person having ordinary skill in the art to combine the 
user of a single database with data from multiple companies as taught by AAPA with the Allard 
'559, Barkley '97 combination above. 
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The ordinarily skilled artisan would have been motivated to combine the user of a single 
database with data from multiple companies as taught by AAPA with the Allard '559, Barkley 
'97 combination above on the same basis as Claim 1 above. 

It would have been obvious to provision the Allard '559, Barkley '97, and AAPA 
combination above with ENTERPRISE JAVABEANS (TM) and to implement applications 
using ENTERPRISE JAVABEANS (TM). 

The ordinarily skilled artisan would have been motivated to provision the Allard '559, 
Barkley '97, and AAPA combination above with ENTERPRISE JAVABEANS (TM) and to 
implement applications using ENTERPRISE JAVABEANS (TM) in order to be compliant with 
a standard industry specification, and thus increase market share for the combination. Further 
note that while the exemplar of the application in the application server of Allard '559 in the 
Allard '559, Barkley '97, and AAPA combination, is MICROSOFT ISAPI (TM), Allard '559 
states, "It is noted, however, that this invention may be implemented using technology other than 
ISAPI (TM)" [Allard '559: col. 6, Ins. 40-41]. 
Claim 13: 

Regarding Claim 13, Allard '559, Barkley '97, and AAPA teach all the limitations of 
Claim 12 as described above. 

Furthermore, Barkley '97, in the Allard '559, Barkley '97, and AAPA combination as 
described above teaches: 

During the first selecting step, selecting a first application based on the first user role 
[Barkley '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23]; 
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Moreover Allard '559, in the Allard '559, Barkley '97, and AAPA combination as 
described above teaches: 

- During the second selecting step, programming the first application to access the first 

data [Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 1, Ins. 20-24; col. 

2, Ins. 28-32]. 

Allard '559, Barkley '97, and AAPA in combination do not teach that the applications 
above are implemented as ENTERPRISE JAVA BEANS (TM), nor do they teach the providing 
an ENTERPRISE JAVA BEAN (TM) protocol, in the application server wherein the multiple 
master programs comprise multiple master beans. 

Sun '99 teaches the providing of an application server with an ENTERPRISE JAVA 
BEAN (TM) protocol [Sun '99: p. 15, Ins. 4-5] and teaches the implementation of application 
via ENTERPRISE JAVA BEANS (TM) [Sun '99: p. 15, Ins 1-4]. 

It would have been obvious to provision the Allard '559, Barkley '97, and AAPA 
combination above with ENTERPRISE JAVABEANS (TM) and to implement applications 
using ENTERPRISE JAVABEANS (TM). 

The ordinarily skilled artisan would have been motivated to provision the Allard '559, 
Barkley '97, and AAPA combination above with ENTERPRISE JAVABEANS (TM) and to 
implement applications using ENTERPRISE JAVABEANS (TM) on the same basis as Claim 5 
above. 

1 5. Claims 6-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Allard '559, 
Barkley '97, AAPA, and Sun '99 in combination, in view of Calkins '99. 
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Claims 6-9: 

Regarding Claims 6-9, Allard '559, Barkley '97, AAPA, and Sun '99 teach all the 
limitations of Claim 5 above. Furthermore, Allard '559 of the Allard '559, Barkley '97, AAPA 
and Sun '99 combination as described above also teaches: 

- (elm. 7) Instantiating the programmed application to create a clone application 
[Allard '559: col. 9, Ins 62-68; col. 10, Ins. 5-18] adapted to access the particular 
portion of the database [Allard '559: col. 2, Ins. 25-43]. 

- (elm. 8) Creating a second clone application from the particular application, the 
second clone bean being adapted to access a second portion of the database different 
than the first portion of the database [Allard '559: col. 5, In. 68 to col. 6, In. 2; col. 7, 
Ins. 62-68; col. 6, Ins. 6-18; col. 1, Ins. 20-24; col. 2, Ins. 28-32]. 

- (elm. 9) Storing the first clone application and the second clone application in 
memory [Allard '559: col. 6, Ins. 18-23; col. 6, Ins. 2-5]. 

Moreover, Sun '99, of the Allard '559 of the Allard '559, Barkley '97, AAPA, and Sun 
'99 combination as described above teaches the implementation of the above applications using 
ENTERPRISE JAVABEANS (TM) [Sun '99: p. 15, Ins. 1-5]. 

Yet further, Barkley '97, of the Allard '559, Barkley '97, AAPA and Sun '99 
combination as described above teaches in his RBAC system: 

- (elm. 6) During the selecting step, responding to the role of the user to select the 
particular bean [Barkley '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23]; and 



Application/Control Number: 09/997,707 Page 16 

Art Unit: 2171 

- (elm. 6) During the programming step, responding to the user identity and the 
company of the user, to program the bean to access the particular portion of the 
database [Barkley '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23]. 

However, the Allard '559, Barkley '97, AAPA, and Sun '99 combination does not teach: 
(elm. 6) Providing a directory responsive to the user to indicate the user identity, the 
company of the user, and the role of the user; 

- Using the indication of the directory as to the role of the user; 

- Using the indication of the directory as to the user identity and the company of the 
user. 

Calkins '99 teaches: 

Providing a directory responsive to the user to indicate the user identity, the company 
of the user, and the role of the user [Calkins '99 pp. 78-79 in particular the last two 
lines on p. 79]; 

- Using the indication of the directory as to the role of the user [Calkins '99 pp. 78-79 
in particular the last two lines on p. 79]; 

- Using the indication of the directory as to the user identity and the company of the 
user [Calkins '99 pp. 78-79 in particular the last two lines on p. 79]. 

Regarding Claim 6, it would have been obvious to apply the creating a directory 
responsive to the user the company of the user, and the role of the user; and further to apply the 
indication of the directory as to the role of the user; and yet further to apply the indication of the 
directory as to the user identity and the company of the user, as taught by Calkins '99 to the 
Allard '559, Barkley '97, and AAPA combination as described above. 
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The ordinarily skill artisan would have been motivated to apply the creating a directory 
responsive to the user the company of the user, and the role of the user; and further to apply the 
indication of the directory as to the role of the user; and yet further to apply the indication of the 
directory as to the user identity and the company of the user, as taught by Calkins '99 to the 
Allard '559, Barkley '97, and AAPA combination as described above on the same basis as Claim 
3 above. 

Regarding Claim 7, note that Allard '559, of the Allard '559, Barkley '97, AAPA, Sun 
'99, and Calkins '99 combination above, also teaches instantiating the programmed application 
to create a clone application adapted to access the particular portion of the database as described 
above. Further note that Sun '99, of the Allard '559, Barkley '97, AAPA, and Sun '99 
combination above, also teaches implementing these applications with ENTERPRISE 
JAVABEANS (TM) as described above. 

Regarding Claim 8, note that Allard '559, of the Allard '559, Barkley '97, AAPA, Sun 
'99, and Calkins '99 combination above, also teaches creating a second clone application from 
the particular application, the second clone bean being adapted to access a second portion of the 
database different than the first portion of the database as described above. Further note that Sun 
'99, of the Allard '559, Barkley '97, AAPA, and Sun '99 combination above, also teaches 
implementing these applications with ENTERPRISE JAVABEANS (TM) as described above. 

Regarding Claim 9, note that Allard '559, of the Allard '559, Barkley '97, AAPA, Sun 
'99, and Calkins '99 combination above, also teaches storing the first clone application and the 
second clone application in memory as described above. Further note that Sun '99, of the Allard 
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'559, Barkley '97, AAPA, Sun '99, and Calkins '99 combination above, also teaches 
implementing these applications with ENTERPRISE JAVABEANS (TM) as described above. 

16. Claims 10-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over Allard '559, 
Barkley '97, and AAPA, in view of Calkins '99. 
Claims 10-11: 

Regarding Claims 10-11, Allard '559 teaches: 

- A container to create a program [Allard '559: col. 5, Ins. 58-64]; 

- A container to provide the program with access to a particular portion of the data of 
the company in the database [Allard '559: col. 2, Ins. 25-43]; 

Allard '559 does not teach the use of roles, and user company information, and furthermore does 
not teach the use of a single database to store the data of multiple companies, and moreover does 
not teach the use of a directory accessible to multiple users from multiple companies to indicate 
user identity, user role, and user company. 

Barkley '97 teaches modifying the above as follows: 

- (elm. 10) A container responsive to user role to create a program [Barkley '97: 
Section 3.2, Ins. 7-8, and Fig. 3]; 

- (elm. 10) A container responsive to user identity, user role, and user company to 
create a program and to provide the program with access to a particular portion of the 
data of the company in the database [Barkley '97: Section 3.2, Ins. 7-8, and Fig. 3]. 

- (elm. 1 1) The container is responsive to user role to create the program [Barkley '97: 
Section 3.2, Ins. 7-8, and Fig. 3]; and 
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(elm. 1 1) The container is responsive to user identity and company to provide the 
program with access to the particular portion of data in the database [Barkley '97: 
Section 3.2, Ins. 7-8, and Fig. 3]. 
Barkley '97 does not teach the use of a single database to store the data of multiple companies 
and furthermore does not teach the use of a directory accessible to multiple users from multiple 
companies to indicate user identity, user role, and user company. 
AAPA teaches: 

- (elm. 10) A single database storing data for each of the multiple companies [AAPA: 
p. 3, Ins. 1-5]; 

AAPA does not teach the use of a directory accessible to multiple users from multiple companies 
to indicate user identity, user role, and user company. 
Calkins '99 teaches: 

- A directory responsive to multiple users from multiple companies to provide an 
indication of user identity, user role, and user company [Calkins '99 pp. 78-79 in 
particular the last two lines on p. 79]. 

- Directory indications of user identity, user role, and user company [Calkins '99 pp. 
78-79 in particular the last two lines on p. 79]. 

It would have been obvious for a person having ordinary skill in the art to combine the 
REAC system of Barkley '97 with the application server of Allard '559. 

The ordinarily skilled artisan would have been motivated to combine the RBAC system 
of Barkley '97 with the application server of Allard '559 on the same basis as Claim 1 above. 
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It would have been obvious for a person having ordinary skill in the art to combine the 
user of a single database with data from multiple companies as taught by AAPA with the Allard 
'559, Barkley '97 combination above. 

The ordinarily skilled artisan would have been motivated to combine the user of a single 
database with data from multiple companies as taught by AAPA with the Allard '559, Barkley 
'97 combination above on the same basis as Claim 1 above. 

It would have been obvious for a person having ordinary skill in the art to combine the 
directory accessible to multiple users from multiple companies to indicate user identity, user 
role, and user company as taught by Calkins '99 with the Allard '559, Barkley '97 and AAPA 
combination above. 

The ordinarily skilled artisan would have been motivated to combine to combine the 
directory accessible to multiple users from multiple companies to indicate user identity, user 
role, and user company as taught by Calkins '99 with the Allard '559, Barkley '97 and AAPA 
combination above on the same basis as Claim 3 above. 

Regarding Claim 11, note that Barkley '97, of the Allard '559, Barkley '97, AAPA, and 
Calkins '99 combination above also teaches the container is responsive to user role to create the 
program; and the container is responsive to user identity and company to provide the program 
with access to the particular portion of data in the database as described above. 

Conclusion 

17. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure: 



• 



Application/Control Number: 09/997,707 
Art Unit: 2171 



Page 21 



Ferraiolo, David and Richard Kuhn, "Role Based Access Control," Proceedings of the 15 th National 
Computer Security Conference, 1992. This reference is the original paper on Role Based Access Control 
and contains the standard features of RBAC plus much motivational art. 

U.S. Patent No. 6,014,666, issued to Helland et al. "Declarative and Programmatic Access Control of 
Component-Based Server Applications Using Roles." This reference teaches the MICROSOFT 
TRANSACTION SERVER (MTS) (TM) implementations of management of component access via roles. 

U.S. Patent No. 5,884,3 16, issued to Bernstein et al. "Implicit Session Context System with Object State 
Cache." This reference teaches a way to associate an arbitrary set of fields in the session context for 
applications running from a web server. 

18. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Patrick J Santos whose telephone number is 703-305-0707. The 
examiner can normally be reached on M-F 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on 703-308-1436. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



Patrick J. D. Santos 
November 10, 2003 
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